Are you grabbing the attributes from the principal or from the
authentication object? You want the principal-specific attributes to be
released from the principal.
-Scott
On Fri, May 16, 2008 at 2:26 PM, Robert Lewis <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Recently I downloaded cas3.2.1 and began to prepare it for production
> use here at Texas A&M. Since the services management servlet with its
> attribute release is a new feature, I prepared a test to see how it
> works. I configured an allowed service and gave it a perl script that
> displays the entire xml response. What I discovered was that the desired
> attributes were not being released. I put in a log line in
> CentralAuthenticationServiceImpl.java which shows that the variable
> registeredService does indeed contain the desired attributes and the
> allowed attributes responds correctly to the control in services
> management. I do not know jsp but looking at
> casServiceValidationSuccess.jsp there does not seem to be any code for
> attribute release. It seems that right after the line
>
>
> <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].
> principal.id)}</cas:user>
>
> there should be lines similar to the following.
>
> <cas:attributes><c:forEach var="attr"
>
> items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes}"
> varStatus="loopStatus" begin="0"
>
> end="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].attributes)-1}"
> step="1">
> <cas:attribute><cas:name>${fn:escapeXml(attr.key)}</cas:name>
> <cas:value>${fn:escapeXml(attr.value)}</cas:value>
> </cas:attribute>
> </c:forEach>
> </cas:attributes>
>
> I ran this in casServiceValidationSuccess.jsp, and lo and behold I
> actually get an attribute put in the xml response, its not the correct
> one and I will debug it, but it at least makes the point that we need
> something similar in casServiceValidationSuccess.jsp to transmit the
> released attributes. Maybe someone who knows more jsp than I do can tell
> me what I need to have to replace "key" and "value?"
>
> Thanks,
>
> Robert Lewis
>
> Message: 2
> Date: Tue, 13 May 2008 17:02:58 -0500
> From: Robert Lewis <[EMAIL PROTECTED]>
> Subject: Re: service dependent xml response
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Scott,
>
> In CentralAuthenticationServiceImpl.java, after line 365
>
> "if (value != null) {",
>
> I put in a log line as follows.
>
> log.info("attribute="+ attribute + ", value="+value.toString());
>
> I added a service as an approved service, which consists of a perl
> script that displays the entire xml response.
>
> When I run the perl script I can see in the log the released attributes
> in the registeredService, and with the perl script I can see what comes
> back in the xml response. I have changed nothing else in
> CentralAuthenticationServiceImpl.java and casServiceValidationSuccess.jsp
>
> The result is I see in the log the correct release of attributes, but in
> the display of the xml response I see no released attributes.
>
> The only thing I have changed in the cas3.2.1 dist is to add returned
> items in the ldap search, and to connect services management to a mysql
> database. I really would have expected my test to work.
> I don't know how to debug jsp, can you suggest how I might see if
> assertion.chainedAuthentications contains the released attributes?
> Otherwise, how might I debug this problem?
>
> Thanks,
>
> Robert Lewis
>
> Message: 5 Date: Thu, 8 May 2008 11:15:50 -0400 From: "Scott Battaglia"
> <[EMAIL PROTECTED]>
> Subject: Re: service dependent xml response To: "Yale CAS mailing list"
> <[email protected]> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Robert, If you use the services management tool to control which service
> sees which attributes, the CentralAuthenticationService class
> automatically scopes the available attributes passed to the
> casServiceValidationSuccess.jsp to only the ones that service can see.
> -Scott On Mon, May 5, 2008 at 5:55 PM, Robert Lewis <[EMAIL PROTECTED]>
> wrote:
> >> > > Hi,
> >> > >
> >> > > Using cas3.2.1, I need to be able to control the attributes
> released to
> >> > > a service in the xml response. On 24 Apr 2008, there was a
> related post,
> >> > > "Re: Service dependent CredentialsToPrincipalResolver." That person
> >> > > wanted to control the login username in the response, depending
> on the
> >> > > service, and he was advised to customize ServiceValidateController.
> I
> >> > > want even more, I want to use a customized
> >> > > casServiceValidationSuccess.jsp depending on the service. The
> number of
> >> > > attributes returned, and which attributes would vary. I don't see
> how to
> >> > > do it. I have configured the ldap handler so that the search
> returns all
> >> > > the attributes I might need and these are put in a map held by the
> >> > > principal. Now I need to be able to pick the attributes from the
> >> > > principal for return in casServiceValidationSuccess.jsp. How
> would I do
> >> > > that?
> >> > >
> >> > > Thanks,
> >> > >
> >> > > Robert Lewis
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
